Healthcare security leaders face significant cyber risks in their organizations, and third-party partnerships increase those enterprise attack surfaces.

The Third-Party Vendor Risk Management in Healthcare report from the Cloud Security Alliance (CSA) and drafted by the Health Information Management Working Group provides an overview of the third-party vendor security risks for Healthcare Delivery Organizations (HDOs) and addresses why third-party risks are more prevalent in the healthcare industry.

Cyber risks in healthcare

The report identified a number of special considerations for healthcare third-party risk management, citing that many risk management programs are inadequately meet the sector's cybersecurity demands due to a lack of automation; the high cost of risk assessments; and the partial or non-deployment of security controls in healthcare organizations.

“The use of third-party vendors results in an expanded attack surface as attackers can breach the vendor and either extract data from them or use the vendor to gain access to the HDOs systems," said Michael Roza, a contributor to the paper. 

"Failing to assess risks and implement effective monitoring controls appropriately can be costly in terms of both potential penalties and reputation. The increased use of third-party vendors for applications and data processing services in healthcare is likely to continue, especially as HDOs find it necessary to focus limited resources on core organizational objectives and contract out support services, making an effective third-party risk management program essential,” Roza continued.

For more information, download the report.